CVE-2017-1000199 — Sensitive Information Exposure in Project Tcmu-runner

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 46.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tcmu-runner Project Tcmu-runner

Timeline

PublishedNov 17

Latest updateMay 17

Description

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDtcmu-runner_project/tcmu-runner10 versions+9

🔴Vulnerability Details

GHSA

GHSA-mm98-g27p-4qwj: tcmu-runner version 0↗2022-05-17

▶

📋Vendor Advisories

Red Hat

tcmu-runner: qcow handler opens up an information leak via the CheckConfig D-Bus method↗2017-07-17

▶

💬Community

Bugzilla

CVE-2017-1000198 CVE-2017-1000199 CVE-2017-1000200 CVE-2017-1000201 tcmu-runner: various flaws [fedora-all]↗2017-08-31

▶

Bugzilla

CVE-2017-1000199 tcmu-runner: qcow handler opens up an information leak via the CheckConfig D-Bus method↗2017-08-31

▶